XDR-1275: Add Sentinel OOB data connectors (#7)

XDR-1275: add sentinel OOB data connectors

modules/sentinel-data-connector-aws-cloudtrail/README.md

@@ -0,0 +1,34 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.26 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | ~> 2.54 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | ~> 2.54 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_sentinel_data_connector_aws_cloud_trail.data_connector_aws_cloudtrail](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sentinel_data_connector_aws_cloud_trail) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_aws_role_arn"></a> [aws\_role\_arn](#input\_aws\_role\_arn) | The ARN of the AWS CloudTrail role, which is connected to this AWS CloudTrail Data Connector. | `string` | n/a | yes |
+| <a name="input_log_analytics_workspace_id"></a> [log\_analytics\_workspace\_id](#input\_log\_analytics\_workspace\_id) | The ID of the Log Analytics Workspace that this AWS CloudTrail Data Connector resides in. | `string` | n/a | yes |
+| <a name="input_name"></a> [name](#input\_name) | The name which should be used for this AWS CloudTrail Data Connector. | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_id"></a> [id](#output\_id) | The ID of the AWS CloudTrail Data Connector. |
+<!-- END_TF_DOCS -->

modules/sentinel-data-connector-aws-cloudtrail/main.tf

@@ -0,0 +1,17 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# DEPLOY SENTINEL DATA CONNECTOR FOR AWS CLOUDTRAIL
+# ---------------------------------------------------------------------------------------------------------------------
+
+terraform {
+  required_version = ">= 0.12.26"
+  required_providers {
+    azurerm = "~> 2.54"
+  }
+}
+
+resource "azurerm_sentinel_data_connector_aws_cloud_trail" "data_connector_aws_cloudtrail" {
+  aws_role_arn               = var.aws_role_arn
+  log_analytics_workspace_id = var.log_analytics_workspace_id
+  name                       = var.name
+
+}

modules/sentinel-data-connector-aws-cloudtrail/outputs.tf

@@ -0,0 +1,4 @@
+output "id" {
+  description = "The ID of the AWS CloudTrail Data Connector."
+  value       = azurerm_sentinel_data_connector_aws_cloud_trail.data_connector_aws_cloudtrail.id
+}

modules/sentinel-data-connector-aws-cloudtrail/vars.tf

@@ -0,0 +1,14 @@
+variable "aws_role_arn" {
+  description = "The ARN of the AWS CloudTrail role, which is connected to this AWS CloudTrail Data Connector."
+  type        = string
+}
+
+variable "log_analytics_workspace_id" {
+  description = "The ID of the Log Analytics Workspace that this AWS CloudTrail Data Connector resides in."
+  type        = string
+}
+
+variable "name" {
+  description = "The name which should be used for this AWS CloudTrail Data Connector."
+  type        = string
+}

modules/sentinel-data-connector-azure-ad/README.md

@@ -0,0 +1,34 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.26 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | ~> 2.54 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | ~> 2.54 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_sentinel_data_connector_azure_active_directory.data_connector_azure_ad](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sentinel_data_connector_azure_active_directory) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_log_analytics_workspace_id"></a> [log\_analytics\_workspace\_id](#input\_log\_analytics\_workspace\_id) | The ID of the Log Analytics Workspace that this Azure Active Directory Data Connector resides in. | `string` | n/a | yes |
+| <a name="input_name"></a> [name](#input\_name) | The name which should be used for this Azure Active Directory Data Connector. | `string` | n/a | yes |
+| <a name="input_tenant_id"></a> [tenant\_id](#input\_tenant\_id) | The ID of the tenant that this Azure Active Directory Data Connector connects to. | `string` | `null` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_id"></a> [id](#output\_id) | The ID of the Azure Active Directory Data Connector. |
+<!-- END_TF_DOCS -->

modules/sentinel-data-connector-azure-ad/main.tf

@@ -0,0 +1,17 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# DEPLOY SENTINEL DATA CONNECTOR FOR AZURE ACTIVE DIRECTORY
+# ---------------------------------------------------------------------------------------------------------------------
+
+terraform {
+  required_version = ">= 0.12.26"
+  required_providers {
+    azurerm = "~> 2.54"
+  }
+}
+
+resource "azurerm_sentinel_data_connector_azure_active_directory" "data_connector_azure_ad" {
+  log_analytics_workspace_id = var.log_analytics_workspace_id
+  name                       = var.name
+  tenant_id                  = var.tenant_id
+
+}

modules/sentinel-data-connector-azure-ad/outputs.tf

@@ -0,0 +1,4 @@
+output "id" {
+  description = "The ID of the Azure Active Directory Data Connector."
+  value       = azurerm_sentinel_data_connector_azure_active_directory.data_connector_azure_ad.id
+}

modules/sentinel-data-connector-azure-ad/vars.tf

@@ -0,0 +1,15 @@
+variable "log_analytics_workspace_id" {
+  description = "The ID of the Log Analytics Workspace that this Azure Active Directory Data Connector resides in."
+  type        = string
+}
+
+variable "name" {
+  description = "The name which should be used for this Azure Active Directory Data Connector."
+  type        = string
+}
+
+variable "tenant_id" {
+  description = "The ID of the tenant that this Azure Active Directory Data Connector connects to."
+  type        = string
+  default     = null
+}

modules/sentinel-data-connector-azure-atp/README.md

@@ -0,0 +1,34 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.26 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | ~> 2.54 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | ~> 2.54 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_sentinel_data_connector_azure_advanced_threat_protection.data_connector_azure_atp](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sentinel_data_connector_azure_advanced_threat_protection) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_log_analytics_workspace_id"></a> [log\_analytics\_workspace\_id](#input\_log\_analytics\_workspace\_id) | The ID of the Log Analytics Workspace that this Azure Advanced Threat Protection Data Connector resides in. | `string` | n/a | yes |
+| <a name="input_name"></a> [name](#input\_name) | The name which should be used for this Azure Advanced Threat Protection Data Connector. | `string` | n/a | yes |
+| <a name="input_tenant_id"></a> [tenant\_id](#input\_tenant\_id) | The ID of the tenant that this Azure Advanced Threat Protection Data Connector connects to. | `string` | `null` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_id"></a> [id](#output\_id) | The ID of the Azure Advanced Threat Protection Data Connector. |
+<!-- END_TF_DOCS -->

modules/sentinel-data-connector-azure-atp/main.tf

@@ -0,0 +1,17 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# DEPLOY SENTINEL DATA CONNECTOR MICROSOFT DEFENDER FOR IDENTITY
+# ---------------------------------------------------------------------------------------------------------------------
+
+terraform {
+  required_version = ">= 0.12.26"
+  required_providers {
+    azurerm = "~> 2.54"
+  }
+}
+
+resource "azurerm_sentinel_data_connector_azure_advanced_threat_protection" "data_connector_azure_atp" {
+  log_analytics_workspace_id = var.log_analytics_workspace_id
+  name                       = var.name
+  tenant_id                  = var.tenant_id
+
+}

modules/sentinel-data-connector-azure-atp/outputs.tf

@@ -0,0 +1,4 @@
+output "id" {
+  description = "The ID of the Azure Advanced Threat Protection Data Connector."
+  value       = azurerm_sentinel_data_connector_azure_advanced_threat_protection.data_connector_azure_atp.id
+}

modules/sentinel-data-connector-azure-atp/vars.tf

@@ -0,0 +1,15 @@
+variable "log_analytics_workspace_id" {
+  description = "The ID of the Log Analytics Workspace that this Azure Advanced Threat Protection Data Connector resides in."
+  type        = string
+}
+
+variable "name" {
+  description = "The name which should be used for this Azure Advanced Threat Protection Data Connector."
+  type        = string
+}
+
+variable "tenant_id" {
+  description = "The ID of the tenant that this Azure Advanced Threat Protection Data Connector connects to."
+  type        = string
+  default     = null
+}

modules/sentinel-data-connector-azure-security-center/README.md

@@ -0,0 +1,34 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.26 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | ~> 2.54 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | ~> 2.54 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_sentinel_data_connector_azure_security_center.data_connector_azure_security_center](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sentinel_data_connector_azure_security_center) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_log_analytics_workspace_id"></a> [log\_analytics\_workspace\_id](#input\_log\_analytics\_workspace\_id) | The ID of the Log Analytics Workspace that this Azure Security Center Data Connector resides in. | `string` | n/a | yes |
+| <a name="input_name"></a> [name](#input\_name) | The name which should be used for this Azure Security Center Data Connector. | `string` | n/a | yes |
+| <a name="input_subscription_id"></a> [subscription\_id](#input\_subscription\_id) | The ID of the subscription that this Azure Security Center Data Connector connects to. | `string` | `null` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_id"></a> [id](#output\_id) | The ID of the Azure Security Center Data Connector. |
+<!-- END_TF_DOCS -->

modules/sentinel-data-connector-azure-security-center/main.tf

@@ -0,0 +1,17 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# DEPLOY SENTINEL DATA CONNECTOR MICROSOFT DEFENDER FOR CLOUD
+# ---------------------------------------------------------------------------------------------------------------------
+
+terraform {
+  required_version = ">= 0.12.26"
+  required_providers {
+    azurerm = "~> 2.54"
+  }
+}
+
+resource "azurerm_sentinel_data_connector_azure_security_center" "data_connector_azure_security_center" {
+  log_analytics_workspace_id = var.log_analytics_workspace_id
+  name                       = var.name
+  subscription_id            = var.subscription_id
+
+}

modules/sentinel-data-connector-azure-security-center/outputs.tf

@@ -0,0 +1,4 @@
+output "id" {
+  description = "The ID of the Azure Security Center Data Connector."
+  value       = azurerm_sentinel_data_connector_azure_security_center.data_connector_azure_security_center.id
+}

modules/sentinel-data-connector-azure-security-center/vars.tf

@@ -0,0 +1,15 @@
+variable "log_analytics_workspace_id" {
+  description = "The ID of the Log Analytics Workspace that this Azure Security Center Data Connector resides in."
+  type        = string
+}
+
+variable "name" {
+  description = "The name which should be used for this Azure Security Center Data Connector."
+  type        = string
+}
+
+variable "subscription_id" {
+  description = "The ID of the subscription that this Azure Security Center Data Connector connects to."
+  type        = string
+  default     = null
+}

modules/sentinel-data-connector-microsoft-cloud-app-security/README.md

@@ -0,0 +1,36 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.12.26 |
+| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | ~> 2.54 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | ~> 2.54 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_sentinel_data_connector_microsoft_cloud_app_security.data_connector_microsoft_cloud_app_security](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sentinel_data_connector_microsoft_cloud_app_security) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_log_analytics_workspace_id"></a> [log\_analytics\_workspace\_id](#input\_log\_analytics\_workspace\_id) | The ID of the Log Analytics Workspace that this Microsoft Cloud App Security Data Connector resides in. | `string` | n/a | yes |
+| <a name="input_name"></a> [name](#input\_name) | The name which should be used for this Microsoft Cloud App Security Data Connector. | `string` | n/a | yes |
+| <a name="input_alerts_enabled"></a> [alerts\_enabled](#input\_alerts\_enabled) | Should the alerts be enabled? | `bool` | `true` | no |
+| <a name="input_discovery_logs_enabled"></a> [discovery\_logs\_enabled](#input\_discovery\_logs\_enabled) | Should the Discovery Logs be enabled? | `bool` | `true` | no |
+| <a name="input_tenant_id"></a> [tenant\_id](#input\_tenant\_id) | The ID of the Tenant that this Microsoft Cloud App Security Data Connector connects to. | `string` | `null` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_id"></a> [id](#output\_id) | The ID of the Microsoft Cloud App Security Data Connector. |
+<!-- END_TF_DOCS -->

modules/sentinel-data-connector-microsoft-cloud-app-security/main.tf

@@ -0,0 +1,19 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# DEPLOY SENTINEL DATA CONNECTOR MICROSOFT DEFENDER FOR CLOUDAPPS
+# ---------------------------------------------------------------------------------------------------------------------
+
+terraform {
+  required_version = ">= 0.12.26"
+  required_providers {
+    azurerm = "~> 2.54"
+  }
+}
+
+resource "azurerm_sentinel_data_connector_microsoft_cloud_app_security" "data_connector_microsoft_cloud_app_security" {
+  alerts_enabled             = var.alerts_enabled
+  discovery_logs_enabled     = var.discovery_logs_enabled
+  log_analytics_workspace_id = var.log_analytics_workspace_id
+  name                       = var.name
+  tenant_id                  = var.tenant_id
+
+}

modules/sentinel-data-connector-microsoft-cloud-app-security/outputs.tf

@@ -0,0 +1,4 @@
+output "id" {
+  description = "The ID of the Microsoft Cloud App Security Data Connector."
+  value       = azurerm_sentinel_data_connector_microsoft_cloud_app_security.data_connector_microsoft_cloud_app_security.id
+}

modules/sentinel-data-connector-microsoft-cloud-app-security/vars.tf

@@ -0,0 +1,27 @@
+variable "alerts_enabled" {
+  description = "Should the alerts be enabled?"
+  type        = bool
+  default     = true
+}
+
+variable "discovery_logs_enabled" {
+  description = "Should the Discovery Logs be enabled?"
+  type        = bool
+  default     = true
+}
+
+variable "log_analytics_workspace_id" {
+  description = "The ID of the Log Analytics Workspace that this Microsoft Cloud App Security Data Connector resides in."
+  type        = string
+}
+
+variable "name" {
+  description = "The name which should be used for this Microsoft Cloud App Security Data Connector."
+  type        = string
+}
+
+variable "tenant_id" {
+  description = "The ID of the Tenant that this Microsoft Cloud App Security Data Connector connects to."
+  type        = string
+  default     = null
+}